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•r:f '. 1 Introduction 



\^ [ P.W.Shor proposed the algorithm to solve the factorization into prime factors within polynomial time by 

^^ ■ using the quantum computer m21- See also [S], on the recent advances of the Shor's factoring algorithm. 

In his paper, the number of the computational steps was estimated. Through this paper, we consider 
the case that we factorize n into finite prime numbers pi, (i = I, ■ ■ ■ ,k). We derive the precise estimation 
of the number of the computational steps, and then we show our estimation is more precise than Shor's 
original one. Shor showed it is required at least N times to be performed correctly factorization algorithm 
with the probability 1 — e or higher than it for any e > 0, as follows 
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where a,f3 are independent constant numbers with respect to n = pi'^^p2'^'^ ■ ■ ■Pk'^''- In this paper, we 
improve the Shor's estimation of N in the sense that our estimation is more precise than Shor's one. By 



fe 



^ • putting Pi — 1 = 2'^'cri with odd numbers (Ji and Ti > 1, {i ~ 1,2, ... , k), r' = min(ri, . . . , r^), f = X]i=i ''"Ji 

^ I we have for any e > 0, 

A^ > , ^°^^'^'^ ^ (log, nf . (2) 

This paper is organaized as follows: In section 2, we will review the estimation by Shor to compare with 
ours in the final section. In section 3, we show some results derived from number theory. In section 4, 
we show a new estimation of the computational complexity in Shor's factoring algorithm in the case that 
arbitrary integer n is factorized into finite prime numbers pi,{i = 1, ■ ■ ■ ,k), applying the results obtained 
in the previous section. Finally in section 5, we discuss the relation between our estimation and Shor's 
one. 

2 An original estimation by Shor 

As mentioned in the above, we review the original estimation by Shor in the case that arbitrary integer 
n is factorized into finite prime numbers pi, {i = 1, ■ ■ ■ , k). However, for simplicity, we review the Shor's 
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factoring algorithm in the case that arbitrary integer n is factorized into two prime numbers p and q in 
the following manner. 

1° Choose a number a from the set {1, . . . , n — 1}. 

2° Calculate gcd(a,n). 

3° If gcd(a,ri) — 1, then go to the next step. Otherwise, go to the step 8°. 

4° Calculate the order r of the number a with respect to mod n. (This calculations depend on the 
quantum computations.) 

5° If r is even number, then go to the next step. Otherwise, go to the step 8°. 

6° Calculate p' = gcA{ar/'^ + 1, n) and q' = gcd(a''/2 _ l, n). 

7° If either p' or q' is equal to n, then the next step. Otherwise, these number p' and q' are the prime 
number we seek. 

8° Go to the step 1°, and choose another a. 

We denote the probability which succeeds in the factorization at the first try through the above 
algorithm by Ps- We need at least N times to find the prime number under the condition that Ps > 1 — e: 

N > \og{l/e)/Ps. (3) 

In order to evaluate the probability Ps, we consider the following events: 

• Aa '■ The event which can be obtained a satisfying a < n and gcd(a, n) = 1. 

• Ar : The event which can be obtained the true order r by quantum computations. 

• Ae : The event which the order r becomes even number. 

• Af : The event which p' and q' become prime numbers p and q we seek. 
By using the above notations, the probability Ps can be represented by 

Ps > P{Ae n ^/ I ^a n Ar)P{Aa H Ar) - P{Ae H Af \ Aa H Ar)P{Aa)P{Ar) . (4) 

Therefore we evaluate three probability P(Ar),-P(^a) and P{Ae n Af \ Aa fl Ar). The event Ar is 
equivalent to the event which obtains d satisfying d <r and gcd(d, r) = 1 so that we have P{Ar) = 'f{r)/r 
by the use of Euler's function ip. Since it is known that for Euler constant 7 

liminf^('^)^"g^°g"=e-^ (5) 

r— >oo f 

we then have for sufficient large r, 

Pi^Ar) = ^ > ''" >£l>^:l= '£2^2§ll ^ ^, (6) 

r log log r log r log n log2 n log2 n 

where a is independent constant number with respect to n. Since P{Aa) = (p{n)/{n — 1), we similarly 
have 

P{Aa) > ^ (7) 

\0g2n 

where f3 is independent constant number with respect to n. 

Finally we note on the probability P{Ae H Af \ Aaf] Ar). In general, it is known that [HIEI for n = 
Pi'^^P2'^^ . ■ .Pk^'' with different prime numbers pi{i = 1, • ■ • , fc), the order r given by quantum computer 
is even number and 

P{A^nAf\AanAr)>l~^. (8) 



(In the section 4, we precisely estimate this probabihty.) Now we can estimate the computational com- 
plexity of Shor's algorithm. Substituting Eq.((2j),Eq.(jHl) and Eq.(jHl into Eq.Q, the probability Ps is 
computed by 

1 \ a/? 

From Eq.Q, we also have for any e > 0, 
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3 Lemmas in number theory 

For the prime number p, we denote the field Z/pZ which all elements are invertible, by (Z/pZ)^. It is 
well known Q that the following relation holds 

\{ae{Z/pZr;rp = d}\=^{d), (11) 

where d | p — 1 and Tp represents the order of a with respect to mod p. Then we have the following two 
lemmas. 

Lemma 3.1 For the number of the elements of {Z/pZ)^ , we may write p — 1 = 7^ g for odd number a 
and T > 1. Then we have 

|{ae (Z/pZ)^;rp :odd}| ==0- (12) 

|{ae (Z/pZ) "^ ; rp = 2* s(s: odd)} I = 2*~V, (13) 

where t is a fixed number {t — 1, 2, • ■ • , r). 

(Proof) For r^ — l^s with odd number s and i > 0, the following equivalent relation holds 

Tp : odd, rp I p - 1 ^=^ Tp | a. (14) 

Since r^ \p — \ — 2*s | 2'^(T, we have i < t, s | cr, and then i = by the fact that r^ ~ 2*s is odd number. 
Therefore we have r^ — s, and then we have rp \ a hy s \ a . Conversely, if r.p \ a, then Vp is the divisor of 
(T. Thus Vp is odd number. Moreover, if rp \ a, then Vp \ p — 1, since p — I = 2'^cr. Thus we have 

\{ae{Z/pZ)'<;rp:odd}\ = ^ ip{rp) 

Tp |p— 1, Tp-.odd 
rp|o- 

= a 
In the case of rp = 2*s, it holds the following equivalent relation 

rp I p- 1 <^=> s I a. (15) 

Indeed, by assumption 1 < t < r, if 2*s | 2'^ct, then we have s \ a. Conversely s \ a implies s \ 2'^a. 
Therefore for a fixed number t in (1 < i < t), we have 

\{ae{Z/pZ)'';rp^2*s{s:odd)}\ = ^ >f{rp) 

'"pip— 1. rp=2*s 

= E^(2*s) 

s\a 

= E^(2*)^(.) 

s\(T 

s\(7 

= 2*('l-iu 






Lemma 3.2 For n = pi'^ 



. . ■Pk^'' with prime numbers p^, (« = 1, • • • , k), we may write Pi — 1 — 2"^' with 
odd numbers Ui and t^ > 1. We denote the order of a with respect to mod n and mod pi by r and 
Tp. — 2*Pi Sp. , respectively. Then we have 



fc 

\{a e {Z/nZ)'';r : odd}\ ^Y[ap^, 



(16) 
(17) 

)(Z/pfeZ)^. Then for 



k 

\{a £ (Z/nZ)X;ip, = • • • = tp. = /}| = 22('-i) J]ap. 

where Z is a fixed number such that 1 < ^ < min(rpj, ■ • • , Tp^). 

(Proof) From Chinese Remainder Theorem, we have (Z/nZ)^ = (Z/piZ)^ • • 
a G (Z/nZ)^ , we have 

r = lcm{rpi,---,rpj, 
r : odd <=^ Tpj^ , • • • , Tp^ : odd, 
|(Z/nZ)x| = |(Z/piZ)x|-..|(Z/pfcZ)x|. 

Thus we have 

|{a e (Z/nZ)X;r : 0(id}| = | {a G (Z/nZ)^ ; rp^, ••■, Tp^ : odd} | 

= |{ae (Z/piZ)X;rpi : odd}| •■•|{ae (Z/pfcZ)X;rp, : odd}| 



(18) 






'Pi- 



Moreover, for a fixed Z, we have 

\{ae (Z/nZ)X;ip^ =---=tp. -^}| - \{ae {ZjnZY^tp^ =/}|...|{aG {Z/nZY'tp^ = 

= 22('-i)nap, 
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Thanks to the above two lemmas, we have the following theorem. 
Theorem 3.3 Define r' = min(Tpj , • • • , Tp^^ ) and f X]i=i '''pi ■ Then we have 



|{a6(Z/nZ)X;V =--- = V}| = 



2^-2 + 2 



fcr' *= 



2/c 



^n< 



and 



|{ae(Z/nZ)X;tp, =...=tpj| 



1 2" - 2 + 2'^' 



fcr' 



|(Z/nZ)x| 
(Proof) Applying Ea. lfT^ and Ea. lfT7|l . we have 
|{aG(Z/nZ)X;ip^ =... = tp,}\ 



2^ - 1 



= U{aG(Z/nZ)X;tp^=...=tp^^=?} 

r' 

= Y.\{ae{ZlnZY-tp,=...=tp,=l} 



1=0 



(19) 



(20) 



|{ae(Z/nZ)^tp, = ... = tp, =0}|+^|{aG(Z/nZ)^ip, = . . . = tp, = l}\ 



n-p.+E h'^^'-^^n-.. 



1=1 1=1 \ 



2k 



^n. 



which imphes Ea. H19() . In addition, since we have 

fc 
\{Z/nZr\ = \{Z/piZr\- ■ -liZ/pkZrl = 2'l[aj,^, 

we obtain Eq.lj^OIl from Ea. lfTHIl . 



(21) 



i=l 



4 A precise estimation of the comutational complexity 

Lemma 4.1 For n ~ pi*^^ . . .pk^^ , with prime numbers pi, (i = 1, • • ■ , A:), we set pi — 1 — 2'^^ai with odd 
numbers <Ti, Ti > 1, t' = min(Ti, . . . , r^) and f = X]i=i ''"*■ Then we have 



p{Aer^Af \Aar\Ar)^i- 



1 2*^-2 + 2 



kr 



(22) 



(Proof) We pay attention on the properties of the step 5° and 6° in the Shor's factoring algorithm 
presented in section 2 so that we have 

P{Ae'r\Af\Aar\Ar) = P f {r : even} n {a'^/^ 7^ ±1 [moA n)} Aa n Ar\ 

= p({r : even] n {a''/^ ^ -I (mod n)} AaC] Ar\ 
= 1 - P f{r : odd) U {a''^ = -1 (mod n)} Aa n A, 

Here we denote the order of a with respect to mod n and mod Pi by r = 2*s and rj = 2*'Si, respectively. 
Where i > 1, ti > 1 and s, Si are odd numbers for i = 1, • • ■ , k. Then the probability P{Af.r\Aj \ AaC\Ar) 
is rewitten by 



p(Ae n A/ I Aa n A^) 

= 1-P({r :odd}U I p|{a''/2 = -l (mod p,)} 



Aa n Ar 



= 1 - P {ti = . . . = ife = 0} U m{i,; = i} 



Aa n /Ir 



= 1-P(fl = 

Thus we have Eq.(|22Il from Ea. lf^ . 



tk\Aar\ Ar) . 



Theorem 4.2 For n = pi'^^ . . ■Pk'^'', with prime numbers Pi,{i = 1, • • • , fc), we set pi — 1 ~ 2'^'ai with 
odd numbers cr^, t; > 1, r' = min(Ti, . . . , r^) and f = J2i=i '''»■ Then we have 



Ps> I 



1 2'=-2 + 2 



kr 



2^ - 1 



(log2 n) 



(23) 



and for any £ > 0, 



A^>^ -i^OE.nf, (24) 



where a and /3 does not depend on n. 

(Proof) Applying Ea. lf^ to Eq.lQ and Eq.(|31), we have the present theorem. 

■ 

5 Comparison of two estimations 

As for Eq.© and Ea. (|22|l . we have the foUowing relation. 

Proposition 5.1 For n — pi'^^ . . .pk'^^ , with prime numbers pi, (i = 1, • • ■ , /c), we set p^ — 1 = 2'^'CTi with 
odd numbers Ci, t; > 1, t' = min(Ti, . . . , r/j) and f = X]i=i ''"*■ Then we have 



1 2*^ - 2 + 2'^^' 
2'="~T' 



l~—, ^ >l--r-r. (25) 

9/c _ 1 or — ofe — 1 ^ -' 



The equality holds when ti = ■ ■ ■ = Tf. = 1. 
(Prrof) Since 



1 2* - 2 - 2 



kr 



2k-i 2^ - 1 
> 



1 1 2*^ - 2 - 2*^^' 



2fe-i 2*^-1 2^^' 

1 1 \ / 1 



2k 2^''' ) \ 2^ -\ 
>0 

we have inequality. If ti = • • • = t^ = 1, then we easily find the equality holds. ■ 

Note that Shor's original estimation gives the greatest lower bound of the probability P(Ae fl Af 

A n 4 1 - 1 - 1 2''-2+2''"' 

I^a I I J^rj — i- 2'=-! 2^ 

From now on, we consider the simple case n — pq, where p and q are prime numbers. We also set 
p — 1 = 2'^P(Tp and q — 1 — 2'^'crg where Tp, Tq > 1 and ap and Ug are odd numbers. By the Shor's original 
estimation, the probability is given by 

PiA^nAf \Aar\Ar) > -. 

Moreover, by our precise estimation Ea. (|22|l . the probability is given by 

12 + 22™'"(^p''^9) 

P(Ae nAf lAaH Ar) = 1 . 

The figure 1 presents the relation among the probability P{Ae r\ Af \ AaC] Ar), Tp and Tq. From this 
figure, we find that the probability P{Ae n Af \ Aa H Ar) takes a minimum value 1/2 when Tp = Tq = 1. 
In general, the probability P{Ae f) Af \ Aa f) Ar) takes small values when Tp — Tq and it is close to 1 
when Tp ^ Tq. For the only case that n — pq, we can estimate the probability that the number a(< n) 
satisfying gcd{a, n) = 1 is obtained. 

Proposition 5.2 We suppose n — pq with two different prime numbers p and q. For sufficient large n 
and any e > 0, we have 

PiA.) . ^ > i. (26) 

n 2 



Figure 1: The relation among r^, Tq and the probability P{Ac. f^ Af \ Aa(^ Aj.). 



(Proof) Firstly we consider the case: n = pq. By Euler function, we have 

By the similar way for q, we have 

n - 2\ pj 2\ q 

Since we take the limit such as n ^ oo <;=> (p ^ oo or q ^ oo), we then have for any e and sufficient 
large n, 

n 2 

Secondly we consider the case n — 2q, then we have, 
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n 2 V 


1\ 


Taking q —> oo, we have 




1 / 1\ 
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2 V ^9/ 


^2' 


Therefore we have for any positive number e, 






{^(n) 


1 ip{n) 

2 n 


H 


Thus we have 




liminf^(") = 


1 

" 2 



which implies Ea. H2()|) for sufficient large 



Corollary 5.3 We suppose n = pq with two different prime numbers p and q. Also we set p — 1 = 
2'^''ap, q—l = 2'^'>aq and r' — min(rp, Tg), where Op and Uq are odd numbers such that Tp > 1 and r, > 1. 
Then we have 



Also we have for any e > 0, 
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